On 9 September 2013 13:48, Niels Basjes <Niels@xxxxxxxxx> wrote:
> If those scripts were however written in a language that is built
> into the git program and the scripts are run in such a way that they
> can only interact with the files in the local git (and _nothing_
> outside of that) this would be solved.

That sounds interesting.

> Also, having a builtin scripting language also means that this would run
> on all operating systems (yes, even Windows).

This would be *very* helpful. It's a total pain trying to get hooks working across different OSes.

> So I propose the following new feature:
>
> 1) A scripting language is put inside git. Perhaps a version of python
> or ruby or go or ... (no need for a 'new' language)

That sounds nice but ...

> 2) If a project contains a folder called .githooks in the root of the
> code base then the rules/scripts that are present there are executed
> ONLY on the system doing the actual commit. These scripts are run in
> such a limited way that they can only read the files in the
> repository, they cannot do any networking/write to disk/etc and they
> can only do a limited set of actions against the current operation at
> hand (i.e. do checks, parse messages, etc).

... how would you prevent Ruby/Python/Go/$GeneralProgLang from executing arbitrary code?

> Like I said, this is just a proposal and I would like to know what you
> guys think.

I love the idea but I'm not sure how feasible it is. I think you would be forced to copy an existing language and somehow "make it secure" (seems like a maintenance nightmare) or to create your own language (potentially a lot of work).

But perhaps something more declarative might be usable?